
FireFox 401: Lkckclckl1i1i.com


This topic is locked
82 replies to this topic

#1 Shadowdance

Posted 14 June 2011 - 12:40 PM

Hello everyone and thank you for all the help that you will provide.

The main problem is this:

http://imageshack.us/photo/my-images/715/image072.png

Firstly, having read the instructions before posting, I would like to state that I have problems:

a) DeFogger won't run for any reason; I've downloaded it many times but it will not run. At this point, I'd like you to know that the only CD emulation software I use is Daemon Tools Lite, currently disabled from autorun.
b) DDS would run but never built any logfiles; as I checked further while it was running, the .DATs are not executable for some weird reason.
c) I tried to run ComboFix but it never finished because I had an iaStore.sys BSOD. I believe it has to do with the malware.

-Secondly, I've run full and quick Malwarebytes scans, but the program found nothing (yes, it was updated one second before the scan).
-I did a quick Avast scan which found some rootkits and trojans and moved them to the chest, but the problem still persists. :(
-I did a HijackThis scan also, submitted it to their site but no process was suspicious.
-I was cleaning my temp files when AVAST! showed me this:

Posted Image

The action I took was to delete them.

-Also, after the reboot due to the BSOD, explorer.exe hung; I killed it and reran it via Task Manager, and my wallpaper is gone, and all the thumbnails of my images are gone too.

I don't know what to do, I've never been in this place, please help me :(


For some reason the GMER log is huge. I followed the instructions and unchecked IAT/EAT and Show All, though, so I believe it is not that wrong.

UPDATE LOGS


Okay, I've managed to run DeFogger (it only needed Run As Admin) and disabled the drivers (which I suspect are at fault for DDS not running and for ComboFix causing a BSOD on iaStore.sys).


Here is the DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Luna at 23:29:16 on 2011-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.2037.718 [GMT 3:00]
.
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\PicPick\picpick.exe
C:\Users\Luna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Luna\Desktop\Defogger.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vbvsearch.com/
uSearch Bar =
uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - c:\program files\flashcapture\fcbho.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [PicPick Start] c:\program files\picpick\picpick.exe
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [HDInspector.exe] "c:\program files\hard drive inspector\HDInspector.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\luna\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\luna\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\icq7.4\ICQ.exe
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F869F8EA-7C7C-452D-AE42-FC668A2EA03A} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luna\appdata\roaming\mozilla\firefox\profiles\8aqfsju6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\luna\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\luna\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-4-14 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 294608]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-3 233136]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-4-16 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-3 51280]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-20 40384]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 maxmr3751;mental ray Standalone 3.7.51 for Max 2010(32 bit);c:\program files\autodesk\mrstand3.7.51-max2010\bin\rayserver.bat [2009-5-28 1523]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-15 188736]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-3 90112]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-2-3 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-2-3 818432]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-1-13 632792]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-4 1153368]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-4-16 160704]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-2-3 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-2-3 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-2-3 115216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-3 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-16 136176]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S2 SPMLM;SPM License Service for mental ray Standalone 3.7.51 for Max 2010;c:\windows\system32\spm\spmd.exe [2009-5-28 491520]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-16 136176]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-2-3 32680]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-2-3 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-2-3 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-2-3 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-2-3 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-2-3 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-2-3 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-2-3 115752]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-1-22 16640]
.
=============== Created Last 30 ================
.
2011-06-14 19:26:35 -------- d-----w- c:\users\luna\appdata\roaming\Spyware Terminator
2011-06-14 19:26:28 -------- d-----w- c:\programdata\Spyware Terminator
2011-06-14 19:26:25 -------- d-----w- c:\program files\Spyware Terminator
2011-06-14 19:08:12 -------- d-----w- c:\program files\NirSoft
2011-06-14 19:04:56 -------- d-----w- c:\users\luna\appdata\roaming\SUPERAntiSpyware.com
2011-06-14 19:04:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-14 19:04:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-14 18:15:37 -------- d-----w- C:\Malwarebytes
2011-06-14 16:55:34 -------- d-----w- c:\users\luna\appdata\local\Secunia PSI
2011-06-14 16:54:54 -------- d-----w- c:\program files\Secunia
2011-06-14 16:16:58 -------- d-----w- c:\program files\STOPzilla!
2011-06-14 16:16:57 -------- d-----w- c:\program files\common files\iS3
2011-06-14 16:16:56 -------- d-----w- c:\programdata\STOPzilla!
2011-06-14 02:09:06 -------- d-----w- c:\program files\Singular Inversions
2011-06-11 21:18:10 -------- d-----w- c:\users\luna\appdata\roaming\Guitar Pro 6
2011-06-11 21:18:10 -------- d-----w- c:\programdata\Guitar Pro 6
2011-06-11 21:13:47 -------- d-----w- c:\program files\Guitar Pro 6
2011-06-07 22:04:31 -------- d-----w- c:\program files\AFT software
2011-06-07 22:03:56 796672 ----a-w- c:\windows\GPInstall.exe
2011-06-05 17:31:26 -------- d-----w- c:\programdata\Redfield
2011-06-05 17:28:12 -------- d-----w- c:\windows\Splash Screens
2011-06-02 15:55:22 388096 ----a-r- c:\users\luna\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-29 17:47:42 -------- d-----w- c:\program files\ConvertHelper
2011-05-29 17:42:08 -------- d-----w- c:\users\luna\dwhelper
2011-05-27 13:36:40 18435072 ----a-w- c:\windows\system32\imageres.dll
2011-05-24 00:18:11 -------- d-----w- c:\programdata\Cakewalk
2011-05-24 00:18:11 -------- d-----w- c:\program files\Cakewalk
2011-05-22 21:48:21 34 ----a-w- c:\windows\system32\mnprxpd2d.bin
2011-05-22 21:47:44 -------- d-----w- c:\program files\ChordPulse
2011-05-21 13:50:39 -------- d-----w- c:\program files\AMR to MP3 Converter
2011-05-20 17:14:34 -------- d-----w- c:\program files\ChronosXP
2011-05-17 03:55:27 -------- d-----w- c:\program files\Virtual Console
2011-05-17 03:19:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 06:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 06:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-18 21:30:24 136072908 ----a-w- c:\programdata\SPL11E9.tmp
2005-07-14 18:31:20 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Δεν ήταν δυνατή η προσπέλαση του αρχείου από τη διεργασία, επειδή χρησιμοποιείται ήδη από κάποια άλλη διεργασία.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x87B95555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87b9b7b0]; MOV EAX, [0x87b9b82c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x8306211B] -> \Device\Harddisk0\DR0[0x877FA2C8]
3 CLASSPNP[0x88FE48B3] -> nt!IofCallDriver[0x8306211B] -> [0x8626E928]
5 acpi[0x837566BC] -> nt!IofCallDriver[0x8306211B] -> [0x86272028]
\Driver\iaStor[0x87B832E8] -> IRP_MJ_CREATE -> 0x87B95555
kernel: MBR read successfully
_asm { CALL 0x115; }
detected disk devices:
detected hooks:
\Driver\atapi -> 0x862141f8
user != kernel MBR !!!
Warning: possible MBR rootkit infection !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 23:31:19,76 ===============




Also, I attached ATTACH.TXT, zipped.

EDIT: Posts merged ~Budapest

Edited by Budapest, 14 June 2011 - 04:46 PM.

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB
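An added example (my own code, not a tool from this thread or from BleepingComputer) that runs a first triage pass over the "Pseudo HJT Report" section of a DDS log like the one above: it pulls out the lines a helper checks first (UAC policy values, hosts-file overrides, orphaned BHO/toolbar entries, start pages, proxy settings) and ranks them. The sample lines are copied from the log above; the severity ranking is this example's own assumption.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the "Pseudo HJT Report"
# section of the DDS log above. DDS writes URLs defanged as "hxxp://".
SAMPLE_DDS = """\
uStart Page = hxxp://www.vbvsearch.com/
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
TCP: DhcpNameServer = 192.168.2.1
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str
    reason: str


# UAC-related values DDS reports under mPolicies-system. A value of 0 switches
# the protection off; malware does this, but so do some users, so every hit
# needs confirming with the person who owns the machine. (The severity ranking
# is this example's own assumption, not a DDS or BleepingComputer rule.)
UAC_POLICIES = {
    "EnableLUA": ("high", "UAC is disabled: admin-user processes run fully elevated"),
    "PromptOnSecureDesktop": ("medium", "UAC prompts are not isolated on the secure desktop"),
    "EnableUIADesktopToggle": ("medium", "UIAccess programs may leave the secure desktop"),
}

POLICY_RE = re.compile(r"^[um]Policies-(\w+): (\w+) = (\d+)")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)")
ORPHAN_RE = re.compile(r"^(BHO|TB): (.+) - No File$")
START_RE = re.compile(r"^(uStart Page|mStart Page|mDefault_Page_URL) = (\S+)")
PROXY_RE = re.compile(r"^[um]Internet Settings,(Proxy\w+) = (.+)")


def triage(report: str) -> list[Finding]:
    """Return the lines of a DDS pseudo-HJT section that deserve a look."""
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := POLICY_RE.match(line):
            _scope, name, value = m.groups()
            if name in UAC_POLICIES and value == "0":
                sev, why = UAC_POLICIES[name]
                findings.append(Finding(sev, line, why))
        elif m := HOSTS_RE.match(line):
            ip, host = m.groups()
            # Any hosts override DDS lists is worth checking; mapping a security
            # vendor or help site to loopback is a classic way of blocking it.
            sev = "high" if ip in ("127.0.0.1", "0.0.0.0", "::1") else "medium"
            findings.append(Finding(sev, line, f"hosts file redirects {host} to {ip}"))
        elif m := ORPHAN_RE.match(line):
            kind, ident = m.groups()
            findings.append(Finding("info", line,
                                    f"orphaned {kind} entry {ident}: registry points at a missing file"))
        elif m := START_RE.match(line):
            key, url = m.groups()
            findings.append(Finding("info", line, f"{key} is {url}; confirm the user chose it"))
        elif m := PROXY_RE.match(line):
            key, value = m.groups()
            # A ProxyServer entry silently reroutes browser traffic; ProxyOverride alone is benign.
            sev = "medium" if key == "ProxyServer" else "info"
            findings.append(Finding(sev, line, f"browser proxy setting {key} = {value}"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a helper sees at a glance what needs attention."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:>6}] {f.reason}")
        print(f"         {f.line}")
    print(summarize(results))
```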



#2 SweetTech (Agent ST)

Posted 22 June 2011 - 12:39 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in a delayed response to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 Shadowdance (Topic Starter)

Posted 22 June 2011 - 04:37 PM

Hello ST!

Pleasure to meet you!

Since I know that the forums are always crowded, I tried to fix it myself so this is what I've done.

Only Hitman 3.5 really helped me with this problem:

I downloaded it and activated the full trial, scanned and cleaned.

The PC is clean since then!

Would you like some logs to compare?

I believe that thing is a very, very sneaky and nasty bootkit which might damage many things on our computers!

Thank you!



#4 SweetTech (Agent ST)

Posted 22 June 2011 - 05:28 PM

Okay. Please post the log files you have as well as the logs from the scans in my previous post.



#5 Shadowdance (Topic Starter)

Posted 22 June 2011 - 07:12 PM

Hello again!

The logs from my previously infected PC are all in my first post!

The log from UnHooker (Scanned minutes ago) is below:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D808000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9433088 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x83049000 C:\Windows\system32\ntoskrnl.exe 3846144 bytes (Microsoft Corporation, NT Kernel & System)
0x83049000 PnpManager 3846144 bytes
0x83049000 RAW 3846144 bytes
0x83049000 WMIxWDM 3846144 bytes
0x9A8C0000 Win32k 2105344 bytes
0x9A8C0000 C:\Windows\System32\win32k.sys 2105344 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης Multi-User Win32)
0x8ED41000 C:\Windows\system32\DRIVERS\snp2uvc.sys 1806336 bytes (-, UVC Camera Streaming Driver)
0x8E23F000 C:\Windows\system32\DRIVERS\athr.sys 1196032 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x89195000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης συστήματος αρχείων NT)
0x88E40000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8E8CA000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88A3C000 PCI_PNP0576 995328 bytes
0x88A3C000 C:\Windows\System32\Drivers\spdm.sys 995328 bytes
0x88A3C000 sptd 995328 bytes
0x89003000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x888DD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xACEEE000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x892DE000 C:\Windows\system32\DRIVERS\tdrpm258.sys 905216 bytes (Acronis, Acronis Try&Decide Volume Filter Driver)
0x8EF0E000 C:\Windows\System32\Drivers\dump_iaStor.sys 819200 bytes
0x88C7C000 C:\Windows\system32\DRIVERS\iaStor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8E9CD000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xACC03000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8E107000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8E1B2000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x89108000 C:\Windows\system32\DRIVERS\timntr.sys 577536 bytes (Acronis, Acronis Backup Archive Explorer)
0x88DCF000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x889BD000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Χρόνος εκτέλεσης πλαισίου προγράμματος οδήγησης λειτουργίας πυρήνα)
0x88813000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xACD13000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, Στοίβα πρωτοκόλλου HTTP)
0xACE62000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9AB10000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x88C0D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8EB8D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8ECE0000 C:\Windows\System32\Drivers\aswSP.SYS 290816 bytes (AVAST Software, avast! self protection module)
0x88B5E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης ACPI για NT)
0x8889C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x89611000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8E88C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 253952 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8E36E000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8EC73000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88F76000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x89597000 C:\Windows\System32\Drivers\ay7sedj9.SYS 233472 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0xACDEA000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x892A5000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης σκιώδους αντιγράφου τόμου)
0x89434000 C:\Windows\system32\drivers\aswMonFlt.sys 225280 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8EB25000 C:\Windows\System32\drivers\pctgntdi.sys 225280 bytes (PC Tools, PC Tools Generic TDI Driver)
0x8E804000 C:\Windows\system32\drivers\CHDRT32.sys 221184 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x8978E000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83016000 ACPI_HAL 208896 bytes
0x83016000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88D74000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Διαχείριση φίλτρων συστήματος αρχείων της Microsoft)
0x8EC0A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x895E2000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8E83A000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x89553000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x88F4B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x89670000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xACCC3000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x893C3000 C:\Windows\system32\DRIVERS\snapman.sys 163840 bytes (Acronis, Acronis Snapshot API)
0x88FB1000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x88BAC000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, Απαρίθμηση PCI Τοποθέτησης και άμεσης λειτουργίας των NT)
0xACE3B000 C:\Windows\System32\DRIVERS\srv2.sys 159744 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0xACEB0000 C:\Windows\system32\DRIVERS\afcdp.sys 155648 bytes (Acronis, File Level CDP Kernel Helper)
0x88B38000 C:\Windows\System32\Drivers\SCSIPORT.SYS 155648 bytes (Microsoft Corporation, SCSI Port Driver)
0x8E867000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x896CC000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x89406000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8EAB2000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xACDCB000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x88D4C000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8974B000 C:\Windows\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0x8EB5C000 \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys 118784 bytes
0xACD80000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x890ED000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8EBDA000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης φίλτρου αναπαράστασης αρχείου LUA)
0x8946B000 C:\Windows\System32\drivers\pctplfw.sys 110592 bytes (PC Tools, PC Tools FW Plugin Driver)
0xACD9D000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x88DB6000 C:\Windows\System32\Drivers\TPkd.sys 102400 bytes (PACE Anti-Piracy, Inc., InterLok system file)
0x8957F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xACE23000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8ECC9000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x896AA000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x89486000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8EC3C000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, Χρονοδιάγραμμα πακέτων QoS)
0x8EB05000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xACDB6000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x89712000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xACEDA000 C:\Windows\system32\drivers\PCTAppEvent.sys 81920 bytes (PC Tools, PC Tools App Monitor Driver)
0x896FE000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8EB79000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8E3CB000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης της θύρας i8042)
0xACCF7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8EC60000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x88FD8000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x897C3000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88883000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης σφάλματος υλικού για συγκεκριμένη πλατφόρμα)
0x88DA6000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x89533000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x8969A000 C:\Windows\system32\DRIVERS\HssDrv.sys 65536 bytes (AnchorFree Inc., Hotspot Shield Routing Driver)
0xACCB3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88C6C000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0xACFEC000 C:\Windows\system32\drivers\pctNdis-PacketFilter.sys 65536 bytes (PC Tools, PC Tools NDIS - Packet Filter)
0x8E3BB000 C:\Windows\system32\DRIVERS\Rtnicxp.sys 65536 bytes (Realtek Semiconductor Corporation                           , Realtek 10/100 NDIS 5.1 Driver                         )
0x8972E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8951D000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8EFE0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x893EB000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x88BD3000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x896EF000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E3AC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x88BEF000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9AB00000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8EC52000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8EAEE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88C5E000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x88A2E000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8EF01000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8EA82000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης του μόντεμ)
0x8973E000 C:\Windows\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
0x89663000 C:\Windows\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0x89778000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0xACFD8000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8EAA6000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8E1A6000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8E3DE000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης κλάσης πληκτρολογίου)
0x8E3E9000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης κλάσης ποντικιού)
0x8EAE3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x896C1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8ED27000 C:\Windows\system32\DRIVERS\point32k.sys 45056 bytes (Microsoft Corporation, Point32k.sys)
0x89652000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x89509000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8E363000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8EB1B000 C:\Windows\System32\Drivers\aswTdi.SYS 40960 bytes (AVAST Software, avast! TDI Filter Driver)
0x88BE5000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8EFD6000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x88D6A000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8976E000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xACCED000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8ECBA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xACFCE000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xACD0A000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8ECAF000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x89427000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8EA8F000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8ED32000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x89785000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης φίλτρων πληκτρολογίου HID)
0x8EAFC000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9AAE0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x89514000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8954A000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x88B2F000 C:\Windows\System32\Drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8E3F4000 C:\Windows\system32\drivers\Afc.sys 32768 bytes (Arcsoft, Inc., Arcsoft(R) ASPI Shell)
0x88D44000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x88894000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8EC00000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, Πρόγραμμα οδήγησης φίλτρων ποντικιού HID)
0x88BA4000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8EAD3000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8EADB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x893BB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xACFE4000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8EA9F000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x89543000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x88C57000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8880C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8EFF2000 C:\Windows\system32\DRIVERS\NuidFltr.sys 28672 bytes (Microsoft Corporation, Filter Driver for Microsoft Hardware HID Non-User Input Data)
0x8EA98000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8EEFA000 C:\Windows\system32\DRIVERS\sncduvc.SYS 28672 bytes (-, USBCAMD for Sonix UVC)
0x89727000 C:\Windows\system32\DRIVERS\taphss.sys 28672 bytes (AnchorFree Inc, TAP-Win32 Virtual Network Driver)
0x895D6000 C:\Windows\System32\Drivers\VcommMgr.sys 28672 bytes (IVT Corporation., Bluetooth VcommMgr Driver)
0x895D0000 C:\Windows\System32\Drivers\btnetBus.sys 24576 bytes
0x8D800000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8965D000 C:\Windows\system32\DRIVERS\ManyCam.sys 24576 bytes (ManyCam LLC., ManyCam Virtual Webcam, WDM Video Capture Driver)
0x89768000 C:\Windows\system32\DRIVERS\seehcri.sys 24576 bytes (Sony Ericsson Mobile Communications, seehcri Driver)
0x8EBD5000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x8ECC4000 C:\Windows\system32\ckldrv.sys 20480 bytes
0x895DD000 C:\Windows\System32\Drivers\IvtBtBus.sys 20480 bytes (IVT Corporation., IVT Bluetooth Bus Device Driver)
0x89430000 C:\Windows\System32\Drivers\BtHidBus.sys 16384 bytes (IVT Corporation., Bluetooth HID BUS Driver)
0x8952C000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xACED6000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8EFEF000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x88BE2000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x89530000 C:\Windows\system32\DRIVERS\cpqbttn.sys 12288 bytes (Hewlett-Packard Development Company, L.P., HP Tablet PC Key Button HID Driver)
0xACFCC000 C:\Windows\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)
0x8D806000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8ECB8000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xACFFE000 C:\Users\Luna\Desktop\RealTemp_367\WinRing0.sys 8192 bytes (OpenLibSys.org, WinRing0)
0x85E161F8 unknown_irp_handler 3592 bytes
0x878B31F8 unknown_irp_handler 3592 bytes
0x879BF1F8 unknown_irp_handler 3592 bytes
0x85E141F8 unknown_irp_handler 3592 bytes
0x878B11F8 unknown_irp_handler 3592 bytes
0x87F421F8 unknown_irp_handler 3592 bytes
0x87EF91F8 unknown_irp_handler 3592 bytes
0x879D11F8 unknown_irp_handler 3592 bytes
0x850831F8 unknown_irp_handler 3592 bytes
0x810091F8 unknown_irp_handler 3592 bytes
0x878AF500 unknown_irp_handler 2816 bytes
0x88117500 unknown_irp_handler 2816 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\Windows\system32\drivers\sptd.sys]

--------------------OTL.exe-------------------------------

My OTL is crashing with fault module kernel32.exe - How could I fix this?

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB


#6 SweetTech

Posted 22 June 2011 - 07:21 PM

Try running OTL in Safe mode.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 Shadowdance

Posted 22 June 2011 - 07:32 PM

Nope, it crashes in SM too :(



#8 SweetTech

Posted 22 June 2011 - 07:48 PM

Okay. Run a new DDS scan for me then and post the logs it produces.



#9 Shadowdance

Posted 22 June 2011 - 07:54 PM

DDS.TXT


DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6002.18005
Run by Luna at 3:48:59 on 2011-06-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.2037.646 [GMT 3:00]
.
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Hard Drive Inspector\HDInspector.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\PicPick\picpick.exe
C:\Users\Luna\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\ASTSRV.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxdicoms.exe
C:\Program Files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.vbvsearch.com/
uSearch Bar =
uSearch Page =
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Gamers Unite! Snag Bar BHO: {26a7ca19-7d58-411d-b2da-f1b0324cbffc} - c:\program files\gamers unite! snag bar\Toolbar.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: BHO Class: {8b3868b4-eba8-48fa-a19b-e1dfb99066fa} - c:\program files\flashcapture\fcbho.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Veoh Video Compass: {52836eb0-631a-47b1-94a6-61f9d9112dae} - c:\program files\veoh networks\veoh video compass\SearchRecsPlugin.dll
TB: Gamers Unite! Snag Bar: {25515a79-c1c7-4b97-97f8-31a711694487} - c:\program files\gamers unite! snag bar\Toolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Sidebar] "c:\program files\windows sidebar\sidebar.exe" /autoRun
uRun: [PicPick Start] c:\program files\picpick\picpick.exe
mRun: [Apoint] "c:\program files\apoint2k\Apoint.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [BtTray] "c:\program files\ivt corporation\bluesoleil\BtTray.exe"
mRun: [HDInspector.exe] "c:\program files\hard drive inspector\HDInspector.exe"
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
StartupFolder: c:\users\luna\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\luna\appdata\roaming\dropbox\bin\Dropbox.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: Send by Bluetooth - c:\program files\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
IE: Send via &Message... - c:\program files\ivt corporation\bluesoleil\transsend\ie\tssms.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\icq7.4\ICQ.exe
IE: {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - res://c:\program files\flashcapture\fciext.dll/FCIEXT.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{F869F8EA-7C7C-452D-AE42-FC668A2EA03A} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
Notify: igfxcui - igfxdev.dll
Notify: MCPClient - c:\program files\common files\stardock\mcpstub.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - c:\progra~1\common~1\stardock\MCPCore.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\luna\appdata\roaming\mozilla\firefox\profiles\8aqfsju6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\users\luna\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\luna\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-1-7 20744]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-4-14 911680]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-21 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-3 307928]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-2-3 233136]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-4-16 2480048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-3 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-3 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-20 42184]
R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
R2 maxmr3751;mental ray Standalone 3.7.51 for Max 2010(32 bit);c:\program files\autodesk\mrstand3.7.51-max2010\bin\rayserver.bat [2009-5-28 1523]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2009-6-15 188736]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-2-3 90112]
R2 OS Selector;Acronis OS Selector activator;c:\program files\acronis\diskdirector\oss\reinstall_svc.exe [2010-5-25 2139400]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-2-3 88040]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2010-2-3 818432]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-1-13 632792]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-4 1153368]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-4-16 160704]
R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2008-12-7 30088]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-2-3 70664]
R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-2-3 58816]
R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-2-3 115216]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-2-3 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-16 136176]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-6-11 99248]
S2 SPMLM;SPM License Service for mental ray Standalone 3.7.51 for Max 2010;c:\windows\system32\spm\spmd.exe [2009-5-28 491520]
S3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-16 136176]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-2-3 32680]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-2-3 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-2-3 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-2-3 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-2-3 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-2-3 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-2-3 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-2-3 115752]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\luna\desktop\realtemp_367\WinRing0.sys [2011-6-20 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2011-1-22 16640]
.
=============== Created Last 30 ================
.
2011-06-21 13:08:49 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-17 02:16:08 -------- d-----w- c:\users\luna\appdata\roaming\Friday's games
2011-06-17 02:15:56 -------- d-----w- c:\program files\Games
2011-06-14 21:13:49 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-14 21:12:26 -------- d-----w- c:\programdata\Hitman Pro
2011-06-14 21:12:25 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-14 19:26:35 -------- d-----w- c:\users\luna\appdata\roaming\Spyware Terminator
2011-06-14 19:26:28 -------- d-----w- c:\programdata\Spyware Terminator
2011-06-14 19:26:25 -------- d-----w- c:\program files\Spyware Terminator
2011-06-14 19:08:12 -------- d-----w- c:\program files\NirSoft
2011-06-14 19:04:56 -------- d-----w- c:\users\luna\appdata\roaming\SUPERAntiSpyware.com
2011-06-14 19:04:56 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-14 19:04:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-14 18:15:37 -------- d-----w- C:\Malwarebytes
2011-06-14 16:55:34 -------- d-----w- c:\users\luna\appdata\local\Secunia PSI
2011-06-14 16:54:54 -------- d-----w- c:\program files\Secunia
2011-06-14 16:16:58 -------- d-----w- c:\program files\STOPzilla!
2011-06-14 16:16:57 -------- d-----w- c:\program files\common files\iS3
2011-06-14 16:16:56 -------- d-----w- c:\programdata\STOPzilla!
2011-06-14 02:09:06 -------- d-----w- c:\program files\Singular Inversions
2011-06-11 21:18:10 -------- d-----w- c:\users\luna\appdata\roaming\Guitar Pro 6
2011-06-11 21:18:10 -------- d-----w- c:\programdata\Guitar Pro 6
2011-06-11 21:13:47 -------- d-----w- c:\program files\Guitar Pro 6
2011-06-07 22:04:31 -------- d-----w- c:\program files\AFT software
2011-06-07 22:03:56 796672 ----a-w- c:\windows\GPInstall.exe
2011-06-05 17:31:26 -------- d-----w- c:\programdata\Redfield
2011-06-05 17:28:12 -------- d-----w- c:\windows\Splash Screens
2011-06-02 15:55:22 388096 ----a-r- c:\users\luna\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-29 17:47:42 -------- d-----w- c:\program files\ConvertHelper
2011-05-29 17:42:08 -------- d-----w- c:\users\luna\dwhelper
2011-05-27 13:36:40 18435072 ----a-w- c:\windows\system32\imageres.dll
.
==================== Find3M ====================
.
2011-06-23 00:30:47 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 06:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 06:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-22 21:48:21 34 ----a-w- c:\windows\system32\mnprxpd2d.bin
2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 11:59:44 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2005-07-14 18:31:20 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Δεν ήταν δυνατή η προσπέλαση του αρχείου από τη διεργασία, επειδή χρησιμοποιείται ήδη από κάποια άλλη διεργασία.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ndis.sys athr.sys
c:\windows\system32\drivers\athr.sys Atheros Communications, Inc. Driver for Atheros CB42/CB43/MB42/MB43 Network Adapter
1 nt!IofCallDriver[0x8309811B] -> \Device\Harddisk0\DR0[0x8739F648]
3 CLASSPNP[0x894088B3] -> nt!IofCallDriver[0x8309811B] -> [0x85EF15D0]
kernel: MBR read successfully
_asm { CALL 0x115; }
user != kernel MBR !!!
.
============= FINISH: 3:51:52,34 ===============


ATTACH.TXT


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2009 12:19:13
System Uptime: 23/6/2011 03:27:29 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30D9
Processor: Intel® Core™2 Duo CPU T5550 @ 1.83GHz | CPU | 1000/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 80 GiB total, 14,327 GiB free.
D: is FIXED (NTFS) - 218 GiB total, 19,5 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Βοηθός εισόδου του Windows Live
Πρόγραμμα Εγκατάστασης HP Backup & Recovery Manager
Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Client Profile
Πακέτο γλωσσών για τα Ελληνικά του Microsoft .NET Framework 4 Extended
Εργαλεία διαχείρισης fax της Lexmark
Εργαλείο αποστολής του Windows Live
2007 Microsoft Office Suite Service Pack 2 (SP2)
4shared Desktop
ABBYY FineReader 6.0 Sprint
ABBYY PDF Transformer 2.0
Absolute Fretboard Trainer PRO
Acoustica Effects Pack
Acoustica Mixcraft 4.5
Acronis Disk Director Home
Acronis True Image Home
Active@ Partition Recovery
ActiveCheck component for HP Active Support Library
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9.3.3
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AMR to MP3 Converter 1.4
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Atheros Driver Installation Program
Audacity 1.2.6
Autodesk 3ds Max 2010 32-bit
Autodesk 3ds Max 2010 32-bit Components
Autodesk Backburner 2008.1
Autodesk FBX Plugin 2009.4 - 3ds Max 2010
avast! Free Antivirus
Blender (remove only)
Bluesoleil 6.4.249.0
Bonjour
Byki
Byki Deluxe
Camtasia Studio 7
CCleaner
ChordPulse
ChronosXP (32-bit)
Comfort Keys Pro 4.3.3.0
Comical 0.8
Conexant HD Audio
ConvertHelper 2.2
Corel WinDVD 2010
CyberLink YouCam
DivX Codec
DivX Content Uploader
DivX Converter Mobile
DivX Player
DivX Web Player
Dropbox
DVD Decrypter (Remove Only)
EarMaster Pro 5
EVEREST Ultimate Edition v5.30
Extension Changer
Extra RAM 1.7
Facebook Plug-In
FeedDemon
Final Draft
Flash Drive Tester v1.14
FlashCapture v1.9.2.997
Flock (2.6.2)
FreeStar Free AMR MP3 Converter 1.0.4
FrostWire 4.20.2
Gadwin PrintScreen
Gamers Unite! Snag Bar
Google Earth Plug-in
Google Update Helper
GPL Ghostscript 8.70
Guitar Pro 5.2
Hard Drive Inspector for Notebooks 3.60 build # 322
HDAUDIO Soft Data Fax Modem with SmartCP
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotspot Shield 1.54
HP Customer Experience Enhancements
HP Help and Support
HP Support Assistant
HPAsset component for HP Active Support Library
ICQ7.4
ImgBurn
ImTOO DVD Ripper Platinum 5
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® TV Wizard
Interlok driver setup x32
iTunes
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 3
JDownloader
Junk Mail filter update
K-Lite Codec Pack 6.2.0 (Full)
LAME v3.98.2 for Audacity
Lexicon Multilingual
Lexmark 3500-4500 Series
Licensing Service Install
Lingua Match deu-eng-usa
LogonStudio Vista
Malwarebytes' Anti-Malware έκδοση 1.51.0.1200
ManyCam 2.4 (remove only)
Megaplex
mental ray Standalone 3.7.51 for Max 2010 (32 bit)
mental ray Standalone 3.7.51 for Max 2010 Licensing (32 bit)
Messenger Plus! 5
Microangelo On Display
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile ELL Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended ELL Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 7.1
Microsoft Office Access MUI (Greek) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Greek) 2007
Microsoft Office Groove MUI (Greek) 2007
Microsoft Office InfoPath MUI (Greek) 2007
Microsoft Office OneNote MUI (Greek) 2007
Microsoft Office Outlook MUI (Greek) 2007
Microsoft Office PowerPoint MUI (Greek) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Greek) 2007
Microsoft Office Proofing (Greek) 2007
Microsoft Office Publisher MUI (Greek) 2007
Microsoft Office Shared MUI (Greek) 2007
Microsoft Office Word MUI (Greek) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
MOV to AVI MPEG WMV Converter 6.2.0411
MozBackup 1.4.10
Mozilla Firefox 4.0.1 (x86 el)
MSN BackUp 1.3.4
MSVC80_x86_v2
MSVCRT
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NDS GBM GBA Movie Player Converter Crystal Ver1.22
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
neroxml
NetWaiting
NirSoft BlueScreenView
Nitro PDF Professional
NVIDIA PhysX
Onlinebandit 5.91
PC Tools Firewall Plus 6.0
PDF Password Remover v3.0
PDF Settings
PG Music DirectX Plugins 1.3.4.1
PicPick
Pidgin
Plants Vs Zombies
Python 3.2
QuickTime
RapidShare Manager 2
Registry Mechanic 10.0
RightClick
SAGEM F@st 1500
SC Ver 2.71
SeaTools for Windows
SHOUTcast DSP Plug-in v2
SkinStudio
Skype™ 4.2
SolSuite 2010 v10.1
Sony Ericsson PC Suite 6.009.00
Sony Ericsson Themes Creator 4.07
Sophos Anti-Rootkit 1.5.0
Sothink SWF Decompiler
Spybot - Search & Destroy
Streamripper (Remove only)
Studio Instruments 1.0
Subtitle Workshop 2.51
SweetIM for Messenger 3.1
System Requirements Lab for Intel
The Treasures of Montezuma 3 1.00
Touch Pad Driver
Transparent Language System
TreloScript By Takis456 01/08/05
TweetDeck
Twitter Update WLW plug-in
Uniblue DriverScanner 2009
Uninstall DreamSuite Bonus
Unity Web Player
Unix Utilities for Yahoo! Widgets
Unlocker 1.8.8
Vector Magic
Veetle TV 0.9.18
Veoh Video Compass
Veoh Web Player
Warlords Battlecry II
Winamp
Winamp Detector Plug-in
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Messenger Backup
Windows Live Writer
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Widgets
ZBrush 4
Zuma Deluxe
.
==== End Of File ===========================

Edited by SweetTech, 22 June 2011 - 08:27 PM.
removed code tags.--ST

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB


#10 SweetTech (Agent ST)

Posted 22 June 2011 - 08:28 PM

Hi!

Please don't place the logs in code/quote tags. It makes the logs difficult to read.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 Shadowdance (Topic Starter)

Posted 22 June 2011 - 09:13 PM

Hello again, sorry for putting logs in code/quote ^^

Here is the combofix log you requested. Thank you for all the help!

ComboFix 11-06-22.02 - Luna 23/06/2011 4:42.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.2037.339 [GMT 3:00]
Running from: c:\users\Luna\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\_@DC64.tmp
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\programdata\hpe2AD7.dll
c:\treloscript\TreloScript.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-23 to 2011-06-23 )))))))))))))))))))))))))))))))
.
.
2011-06-23 02:02 . 2011-06-23 02:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-23 02:02 . 2011-06-23 02:02 -------- d-----w- c:\users\Acronis Agent User\AppData\Local\temp
2011-06-21 13:08 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-17 02:16 . 2011-06-17 02:16 -------- d-----w- c:\users\Luna\AppData\Roaming\Friday's games
2011-06-17 02:15 . 2011-06-17 02:15 -------- d-----w- c:\program files\Games
2011-06-14 21:13 . 2011-06-14 21:58 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-14 21:12 . 2011-06-14 21:26 -------- d-----w- c:\programdata\Hitman Pro
2011-06-14 21:12 . 2011-06-14 21:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-14 19:26 . 2011-06-14 19:27 -------- d-----w- c:\users\Luna\AppData\Roaming\Spyware Terminator
2011-06-14 19:26 . 2011-06-14 19:31 -------- d-----w- c:\programdata\Spyware Terminator
2011-06-14 19:26 . 2011-06-14 19:31 -------- d-----w- c:\program files\Spyware Terminator
2011-06-14 19:08 . 2011-06-14 19:08 -------- d-----w- c:\program files\NirSoft
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\users\Luna\AppData\Roaming\SUPERAntiSpyware.com
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-14 18:15 . 2011-06-14 18:15 -------- d-----w- C:\Malwarebytes
2011-06-14 16:55 . 2011-06-14 16:55 -------- d-----w- c:\users\Luna\AppData\Local\Secunia PSI
2011-06-14 16:54 . 2011-06-14 16:54 -------- d-----w- c:\program files\Secunia
2011-06-14 16:16 . 2011-06-14 16:16 -------- d-----w- c:\program files\STOPzilla!
2011-06-14 16:16 . 2011-06-14 16:16 -------- d-----w- c:\program files\Common Files\iS3
2011-06-14 16:16 . 2011-06-14 19:06 -------- d-----w- c:\programdata\STOPzilla!
2011-06-14 02:09 . 2011-06-14 02:09 -------- d-----w- c:\program files\Singular Inversions
2011-06-11 21:18 . 2011-06-11 21:41 -------- d-----w- c:\users\Luna\AppData\Roaming\Guitar Pro 6
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\programdata\Guitar Pro 6
2011-06-11 21:13 . 2011-06-11 21:37 -------- d-----w- c:\program files\Guitar Pro 6
2011-06-07 22:04 . 2011-06-08 00:24 -------- d-----w- c:\program files\AFT software
2011-06-07 22:03 . 2011-06-07 22:03 796672 ----a-w- c:\windows\GPInstall.exe
2011-06-05 17:31 . 2011-06-05 17:31 -------- d-----w- c:\programdata\Redfield
2011-06-05 17:28 . 2011-06-05 17:28 -------- d-----w- c:\windows\Splash Screens
2011-06-02 15:55 . 2011-06-02 15:55 388096 ----a-r- c:\users\Luna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-29 17:47 . 2011-05-29 17:47 -------- d-----w- c:\program files\ConvertHelper
2011-05-29 17:42 . 2011-05-29 17:42 -------- d-----w- c:\users\Luna\dwhelper
2011-05-27 13:36 . 2011-05-27 13:36 18435072 ----a-w- c:\windows\system32\imageres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-23 00:30 . 2011-05-17 03:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 06:11 . 2010-11-24 00:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 06:11 . 2010-11-24 00:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2010-06-29 11:57 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-02-03 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-02-03 17:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-02-03 17:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-02-03 17:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-02-03 17:25 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-02-03 17:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:40 . 2011-05-04 13:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-07-14 18:31 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2010-11-23 23:26 1532416 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2010-11-23 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2010-11-23 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-11-20 4816896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-02-03 3168216]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2010-04-16 3149504]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-09-16 104408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
.
c:\users\Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 12:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-03-25 16:39 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{a22e60ca-c861-11de-91c1-806e6f6e6963}\bootwiz\asrm.bin\0sasnative32
.
[HKLM\~\startupfolder\C:^Users^Luna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1Java™ Platform SE 7 U22
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1JbYvfpvrEUVqsCZ]
2010-11-06 18:04 1306624 ---ha-w- c:\users\Luna\AppData\Roaming\camtasia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 13:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-11 23:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 08:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChronosXP]
2009-04-12 07:40 599040 ----a-w- c:\program files\ChronosXP\ChronosXP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CKeys]
2011-04-11 12:49 4174664 ----a-w- c:\program files\ComfortKeys\CKeys.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 05:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 02:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 13:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 16:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1418405828-3719453749-3786308609-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1418405828-3719453749-3786308609-1002]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 maxmr3751;mental ray Standalone 3.7.51 for Max 2010(32 bit);c:\program files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.bat [2011-04-05 1523]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R2 SPMLM;SPM License Service for mental ray Standalone 3.7.51 for Max 2010;c:\windows\system32\spm\spmd.exe [2009-05-28 491520]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\99AF.tmp [x]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-02-03 32680]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Luna\Desktop\RealTemp_367\WinRing0.sys [2008-07-26 14416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-03 691696]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-04-16 911680]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-03 233136]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-04-16 2480048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-06-15 188736]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-23 88040]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-04-16 160704]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-02-03 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-02-03 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-02-03 115216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 01:36]
.
2011-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 01:36]
.
2011-06-22 c:\windows\Tasks\User_Feed_Synchronization-{89BA3246-CF32-4268-8639-D2590B4ABBA0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vbvsearch.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Luna\AppData\Roaming\Mozilla\Firefox\Profiles\8aqfsju6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-23 05:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002
.
CreateFile("\\.\PHYSICALDRIVE0"): Unable to access the file from the process because it is already used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\maxmr3751]
"ImagePath"="c:\program files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.bat"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\99AF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1418405828-3719453749-3786308609-1002\Software\SecuROM\License information*]
"datasecu"=hex:97,40,54,d1,f7,71,3b,08,ba,5b,4e,ca,b5,11,df,71,8c,30,e6,fe,3a,
91,ab,ac,0c,94,31,ae,c0,de,0e,10,72,97,4d,ae,d7,89,a5,d4,e9,95,84,1f,95,da,\
"rkeysecu"=hex:74,e1,c9,33,83,1c,25,3c,57,13,27,c5,4b,c7,98,07
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-06-23 05:09:46
ComboFix-quarantined-files.txt 2011-06-23 02:09
.
Pre-Run: 20 Dir(s) 15.172.251.648 bytes free
Post-Run: 26 Dir(s) 16.878.456.832 bytes free
.
Current=6 Default=6 Failed=4 LastKnownGood=2 Sets=1,2,4,6
- - End Of File - - 37B59EB3ADCDCE088C06D653E25B9C00

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB
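
An added triage script, not part of this thread and not code from ComboFix, Gmer or any tool mentioned here, that pulls three kinds of line out of a ComboFix-style log like the one above and flags what an analyst would look at first: a service or driver whose image ComboFix could not find (`[x]`), an autostart or driver loaded from a user-writable path, an image with a `.tmp`/`.bat`/`.cmd` extension, an msconfig startupreg binary carrying the hidden attribute, and the `user != kernel MBR !!!` line the Gmer MBR check prints when user-mode and kernel-mode reads of the boot sector disagree. The regular expressions, the `Finding` record and the thresholds are my own assumptions about the log format; the embedded sample log is constructed to mirror the shape of the lines above and is not a real capture.

```python
import re
from dataclasses import dataclass

# Service/driver lines look like:
#   R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\99AF.tmp [x]
#   R2 gupdate;Google Update Service (gupdate);c:\...\GoogleUpdate.exe [2010-12-16 136176]
# "[x]" in the trailing bracket means ComboFix could not find the image on disk.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# msconfig startupreg entries: a bracketed key line followed by a file line
#   "<date> <time> <size> <attrs> <path>", attrs e.g. ---ha-w- (h = hidden).
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\startupreg\\(?P<key>[^\]]+)\]$", re.IGNORECASE
)
FILE_LINE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+\d+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
MBR_MISMATCH = "user != kernel MBR !!!"  # printed by the Gmer MBR check on a mismatch

# Assumed heuristics: paths a standard user can write to, and image types that
# are unusual for a service or kernel driver.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\desktop\\")
ODD_IMAGE_EXT = (".tmp", ".bat", ".cmd")


@dataclass(frozen=True)
class Finding:
    section: str  # "service", "startupreg" or "mbr"
    name: str     # service name, startupreg key, or device
    reason: str


def _image_reasons(image: str) -> list[str]:
    """Heuristics on an image path alone; empty list if nothing stands out."""
    low = image.lower()
    reasons = []
    if any(tag in low for tag in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if low.endswith(ODD_IMAGE_EXT):
        reasons.append("image has an unusual extension for a service or driver")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Walk a ComboFix-style log and return the entries worth a closer look."""
    findings: list[Finding] = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        svc = SERVICE_RE.match(line)
        if svc:
            name = svc["name"].strip()
            if svc["meta"].strip() == "x":
                findings.append(Finding("service", name,
                                        "image file not found on disk (orphaned entry or hidden file)"))
            for reason in _image_reasons(svc["image"]):
                findings.append(Finding("service", name, reason))
            continue
        key = STARTUPREG_RE.match(line)
        if key and i + 1 < len(lines):
            entry = FILE_LINE_RE.match(lines[i + 1])  # the file line that follows the key
            if entry:
                if "h" in entry["attrs"]:
                    findings.append(Finding("startupreg", key["key"],
                                            "autostart binary carries the hidden attribute"))
                for reason in _image_reasons(entry["path"]):
                    findings.append(Finding("startupreg", key["key"], reason))
            continue
        if line == MBR_MISMATCH:
            findings.append(Finding("mbr", "PHYSICALDRIVE0",
                                    "user-mode and kernel-mode reads of the MBR differ (MBR rootkit indicator)"))
    return findings


# Constructed sample in the shape of the log lines above (not a real capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1JbYvfpvrEUVqsCZ]
2010-11-06 18:04 1306624 ---ha-w- c:\users\Luna\AppData\Roaming\camtasia.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\99AF.tmp [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Luna\Desktop\RealTemp_367\WinRing0.sys [2008-07-26 14416]
S1 aswSnx;aswSnx; [x]
.
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:10} {f.name:20} {f.reason}")
```

The flags are triage hints, not verdicts: a hardware-monitoring driver run from the Desktop or an anti-rootkit scanner's temporary driver produces the same pattern as malware, so each hit still needs the file checked (signature, hash, who installed it). The MBR mismatch is the one finding that stands on its own, which is why a dedicated MBR/TDL-family cleaner is the usual next step after a log like this.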


#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 22 June 2011 - 09:53 PM

Run this tool:


Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 Shadowdance

Shadowdance
  • Topic Starter

  • Members
  • 314 posts
  • Gender:Male

Posted 23 June 2011 - 08:45 AM

2011/06/23 16:44:06.0956 7100 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/23 16:44:07.0282 7100 ================================================================================
2011/06/23 16:44:07.0282 7100 SystemInfo:
2011/06/23 16:44:07.0283 7100
2011/06/23 16:44:07.0283 7100 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/23 16:44:07.0284 7100 Product type: Workstation
2011/06/23 16:44:07.0284 7100 ComputerName: LUNAOBSCURA
2011/06/23 16:44:07.0284 7100 UserName: Luna
2011/06/23 16:44:07.0284 7100 Windows directory: C:\Windows
2011/06/23 16:44:07.0284 7100 System windows directory: C:\Windows
2011/06/23 16:44:07.0284 7100 Processor architecture: Intel x86
2011/06/23 16:44:07.0284 7100 Number of processors: 2
2011/06/23 16:44:07.0284 7100 Page size: 0x1000
2011/06/23 16:44:07.0285 7100 Boot type: Normal boot
2011/06/23 16:44:07.0285 7100 ================================================================================
2011/06/23 16:44:08.0008 7100 Initialize success
2011/06/23 16:44:10.0311 6176 ================================================================================
2011/06/23 16:44:10.0311 6176 Scan started
2011/06/23 16:44:10.0311 6176 Mode: Manual;
2011/06/23 16:44:10.0311 6176 ================================================================================
2011/06/23 16:44:11.0295 6176 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/06/23 16:44:11.0433 6176 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/06/23 16:44:11.0497 6176 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/06/23 16:44:11.0556 6176 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/06/23 16:44:11.0610 6176 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/06/23 16:44:11.0721 6176 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\Windows\system32\drivers\Afc.sys
2011/06/23 16:44:11.0788 6176 afcdp (4fa0ca536dab995baf48bd41b4e2ed00) C:\Windows\system32\DRIVERS\afcdp.sys
2011/06/23 16:44:11.0855 6176 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/06/23 16:44:11.0918 6176 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/06/23 16:44:11.0973 6176 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/06/23 16:44:12.0054 6176 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/06/23 16:44:12.0107 6176 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/06/23 16:44:12.0159 6176 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/06/23 16:44:12.0208 6176 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/06/23 16:44:12.0246 6176 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/06/23 16:44:12.0311 6176 ApfiltrService (e05c9bb1798b8c590f6592fabb03a93e) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/06/23 16:44:12.0377 6176 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/06/23 16:44:12.0411 6176 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/06/23 16:44:12.0503 6176 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/23 16:44:12.0552 6176 aswMonFlt (9bdc8e9ce17b773f69d2c6696c768c4f) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/23 16:44:12.0631 6176 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\Windows\system32\drivers\aswRdr.sys
2011/06/23 16:44:12.0690 6176 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\Windows\system32\drivers\aswSnx.sys
2011/06/23 16:44:12.0757 6176 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\Windows\system32\drivers\aswSP.sys
2011/06/23 16:44:12.0827 6176 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\Windows\system32\drivers\aswTdi.sys
2011/06/23 16:44:12.0885 6176 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/23 16:44:12.0944 6176 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/06/23 16:44:13.0047 6176 athr (d6ed40129c5f70a7485185bab27b8330) C:\Windows\system32\DRIVERS\athr.sys
2011/06/23 16:44:13.0171 6176 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/06/23 16:44:13.0224 6176 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/06/23 16:44:13.0290 6176 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/23 16:44:13.0337 6176 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/23 16:44:13.0386 6176 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/06/23 16:44:13.0439 6176 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/06/23 16:44:13.0481 6176 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/06/23 16:44:13.0518 6176 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/23 16:44:13.0569 6176 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/06/23 16:44:13.0643 6176 BT (28d6d39b98eecbb6dffbcec2a740ff89) C:\Windows\system32\DRIVERS\btnetdrv.sys
2011/06/23 16:44:13.0695 6176 Btcsrusb (942c602296119d758547808221c85a2c) C:\Windows\system32\Drivers\btcusb.sys
2011/06/23 16:44:13.0747 6176 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/06/23 16:44:13.0804 6176 BtHidBus (ce441ccd98c5ecb10cb12fcaf97322ec) C:\Windows\system32\Drivers\BtHidBus.sys
2011/06/23 16:44:13.0858 6176 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/23 16:44:13.0918 6176 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/06/23 16:44:13.0980 6176 BTHPORT (5a3abaa2f8eece7aefb942773766e3db) C:\Windows\system32\Drivers\BTHport.sys
2011/06/23 16:44:14.0053 6176 BTHUSB (94e2941280e3756a5e0bcb467865c43a) C:\Windows\system32\Drivers\BTHUSB.sys
2011/06/23 16:44:14.0113 6176 btnetBUs (d3c277a51ef9e2ec972d6221f99c0b6d) C:\Windows\system32\Drivers\btnetBus.sys
2011/06/23 16:44:14.0244 6176 BTNetFilter (4f26303becbb7cc5ca8ff39593124cf2) C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys
2011/06/23 16:44:14.0494 6176 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/23 16:44:14.0550 6176 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/23 16:44:14.0615 6176 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/06/23 16:44:14.0671 6176 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/06/23 16:44:14.0742 6176 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/23 16:44:14.0793 6176 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/06/23 16:44:14.0863 6176 CnxtHdAudService (2e39f9c51912f4f211b0334aed33e7bd) C:\Windows\system32\drivers\CHDRT32.sys
2011/06/23 16:44:14.0896 6176 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/23 16:44:14.0954 6176 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/06/23 16:44:14.0999 6176 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/06/23 16:44:15.0166 6176 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/06/23 16:44:15.0222 6176 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/06/23 16:44:15.0313 6176 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/06/23 16:44:15.0395 6176 DXGKrnl (fb85f7f69e9b109820409243f578cc4d) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/23 16:44:15.0474 6176 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/06/23 16:44:15.0544 6176 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/06/23 16:44:15.0638 6176 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/06/23 16:44:15.0717 6176 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/06/23 16:44:15.0784 6176 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/06/23 16:44:15.0859 6176 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/06/23 16:44:15.0899 6176 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/23 16:44:15.0963 6176 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/06/23 16:44:16.0001 6176 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/06/23 16:44:16.0054 6176 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/23 16:44:16.0103 6176 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/06/23 16:44:16.0185 6176 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/23 16:44:16.0232 6176 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/23 16:44:16.0287 6176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/23 16:44:16.0414 6176 HBtnKey (de15777902a5d9121857d155873a1d1b) C:\Windows\system32\DRIVERS\cpqbttn.sys
2011/06/23 16:44:16.0470 6176 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/06/23 16:44:16.0546 6176 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/23 16:44:16.0615 6176 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/06/23 16:44:16.0660 6176 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/06/23 16:44:16.0701 6176 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/23 16:44:16.0783 6176 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/06/23 16:44:16.0866 6176 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/06/23 16:44:16.0951 6176 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys
2011/06/23 16:44:17.0025 6176 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/06/23 16:44:17.0089 6176 HTTP (4d6eb87dcabfd66221822f49cfd79077) C:\Windows\system32\drivers\HTTP.sys
2011/06/23 16:44:17.0143 6176 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/06/23 16:44:17.0189 6176 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/23 16:44:17.0274 6176 iaStor (e5a0034847537eaee3c00349d5c34c5f) C:\Windows\system32\DRIVERS\iaStor.sys
2011/06/23 16:44:17.0323 6176 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/06/23 16:44:17.0519 6176 igfx (a9221d13d8f1f772010ee293ba9baeb7) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/06/23 16:44:17.0686 6176 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/06/23 16:44:17.0746 6176 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/06/23 16:44:17.0789 6176 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/23 16:44:17.0846 6176 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/23 16:44:17.0953 6176 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/23 16:44:17.0996 6176 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/23 16:44:18.0054 6176 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/06/23 16:44:18.0098 6176 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/06/23 16:44:18.0169 6176 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/23 16:44:18.0216 6176 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/06/23 16:44:18.0252 6176 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/06/23 16:44:18.0317 6176 IvtBtBUs (71e1fc547cc488d5cd7bf0860c96f5af) C:\Windows\system32\Drivers\IvtBtBus.sys
2011/06/23 16:44:18.0373 6176 k750bus (fe8300320281d658a7854d5cfc02a63f) C:\Windows\system32\DRIVERS\k750bus.sys
2011/06/23 16:44:18.0410 6176 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/23 16:44:18.0456 6176 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/23 16:44:18.0531 6176 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/23 16:44:18.0636 6176 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/23 16:44:18.0726 6176 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/23 16:44:18.0774 6176 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/23 16:44:18.0837 6176 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/23 16:44:18.0882 6176 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/06/23 16:44:18.0950 6176 ManyCam (c6d085c7045200143528136a43a65fde) C:\Windows\system32\DRIVERS\ManyCam.sys
2011/06/23 16:44:19.0064 6176 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\Windows\system32\DRIVERS\mcdbus.sys
2011/06/23 16:44:19.0139 6176 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/06/23 16:44:19.0188 6176 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/06/23 16:44:19.0246 6176 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/06/23 16:44:19.0398 6176 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/06/23 16:44:19.0439 6176 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/23 16:44:19.0501 6176 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/23 16:44:19.0546 6176 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/23 16:44:19.0598 6176 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/06/23 16:44:19.0645 6176 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/06/23 16:44:19.0700 6176 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/23 16:44:19.0804 6176 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/23 16:44:19.0857 6176 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/23 16:44:19.0922 6176 mrxsmb (66de1a2b389a1969ca1751b276108e45) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/23 16:44:19.0970 6176 mrxsmb10 (346611d7523b520faa86b76753cc9874) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/23 16:44:20.0034 6176 mrxsmb20 (c70c50d101b92b45c42ba11ea9fe6cd1) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/23 16:44:20.0098 6176 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/06/23 16:44:20.0149 6176 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/06/23 16:44:20.0232 6176 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/06/23 16:44:20.0285 6176 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/06/23 16:44:20.0383 6176 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/23 16:44:20.0449 6176 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/23 16:44:20.0501 6176 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/06/23 16:44:20.0576 6176 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/06/23 16:44:20.0645 6176 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/23 16:44:20.0691 6176 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/06/23 16:44:20.0772 6176 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/06/23 16:44:20.0857 6176 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/23 16:44:20.0913 6176 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/06/23 16:44:20.0989 6176 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/23 16:44:21.0031 6176 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/23 16:44:21.0083 6176 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/23 16:44:21.0132 6176 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/06/23 16:44:21.0179 6176 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/23 16:44:21.0236 6176 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/23 16:44:21.0381 6176 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys
2011/06/23 16:44:21.0438 6176 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/06/23 16:44:21.0533 6176 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/06/23 16:44:21.0585 6176 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/23 16:44:21.0686 6176 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/06/23 16:44:21.0771 6176 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/06/23 16:44:21.0820 6176 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/06/23 16:44:21.0875 6176 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/06/23 16:44:21.0928 6176 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/06/23 16:44:21.0980 6176 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/06/23 16:44:22.0035 6176 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/06/23 16:44:22.0193 6176 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/06/23 16:44:22.0306 6176 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/06/23 16:44:22.0376 6176 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/06/23 16:44:22.0430 6176 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/06/23 16:44:22.0545 6176 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/06/23 16:44:22.0614 6176 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/06/23 16:44:22.0671 6176 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/06/23 16:44:22.0763 6176 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/06/23 16:44:22.0828 6176 PCTAppEvent (cc174f32cc9c18ea3109c4b0fc2ca8df) C:\Windows\system32\drivers\PCTAppEvent.sys
2011/06/23 16:44:22.0919 6176 PCTFW-DNS (0afd401e45033c6264080989647989d2) C:\Windows\system32\drivers\pctNdis-DNS.sys
2011/06/23 16:44:23.0002 6176 PCTFW-PacketFilter (4a7ef973fcd9c6cad6040ebb61262a5c) C:\Windows\system32\drivers\pctNdis-PacketFilter.sys
2011/06/23 16:44:23.0102 6176 pctgntdi (39e8623f9f29dbc9e053a696d85f8ac6) C:\Windows\System32\drivers\pctgntdi.sys
2011/06/23 16:44:23.0169 6176 pctNDIS (8bbe917bc4da64b0ba8db33d4c0e0b7d) C:\Windows\system32\DRIVERS\pctNdis.sys
2011/06/23 16:44:23.0277 6176 pctplfw (6d74df36716a458619a62dd764fc4f8b) C:\Windows\System32\drivers\pctplfw.sys
2011/06/23 16:44:23.0382 6176 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/06/23 16:44:23.0577 6176 Point32 (04df0452fbededf9297fd2e5440cb3c9) C:\Windows\system32\DRIVERS\point32k.sys
2011/06/23 16:44:23.0670 6176 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/23 16:44:23.0720 6176 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/06/23 16:44:23.0816 6176 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/23 16:44:23.0929 6176 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/06/23 16:44:24.0013 6176 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/06/23 16:44:24.0078 6176 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/23 16:44:24.0125 6176 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/23 16:44:24.0184 6176 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/23 16:44:24.0253 6176 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/23 16:44:24.0304 6176 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/23 16:44:24.0389 6176 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/23 16:44:24.0453 6176 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/23 16:44:24.0519 6176 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/06/23 16:44:24.0563 6176 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/23 16:44:24.0638 6176 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/06/23 16:44:24.0689 6176 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/06/23 16:44:24.0812 6176 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/06/23 16:44:24.0890 6176 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/23 16:44:24.0948 6176 RTL8023xp (959ef612d2ccfdb6d9e443f8e3655013) C:\Windows\system32\DRIVERS\Rtnicxp.sys
2011/06/23 16:44:25.0013 6176 s0016bus (59509ad6cbc28f2c73056268985b3e48) C:\Windows\system32\DRIVERS\s0016bus.sys
2011/06/23 16:44:25.0073 6176 s0016mdfl (b98c3a6f91f4fba285af9606a240c6b4) C:\Windows\system32\DRIVERS\s0016mdfl.sys
2011/06/23 16:44:25.0142 6176 s0016mdm (8a83426f4fb7b5212825d9de76368b1a) C:\Windows\system32\DRIVERS\s0016mdm.sys
2011/06/23 16:44:25.0206 6176 s0016mgmt (7a78bba97feb5e6d24c49e93a3bf7287) C:\Windows\system32\DRIVERS\s0016mgmt.sys
2011/06/23 16:44:25.0270 6176 s0016nd5 (34ef7b5f611957b73e7219dd5a222ad1) C:\Windows\system32\DRIVERS\s0016nd5.sys
2011/06/23 16:44:25.0338 6176 s0016obex (36792935847143e4a3cda0dc87248487) C:\Windows\system32\DRIVERS\s0016obex.sys
2011/06/23 16:44:25.0408 6176 s0016unic (927208754fb27fc3e7a659e77500c5d1) C:\Windows\system32\DRIVERS\s0016unic.sys
2011/06/23 16:44:25.0483 6176 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/06/23 16:44:25.0610 6176 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/06/23 16:44:25.0691 6176 seehcri (e5b56569a9f79b70314fede6c953641e) C:\Windows\system32\DRIVERS\seehcri.sys
2011/06/23 16:44:25.0751 6176 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/06/23 16:44:25.0801 6176 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/06/23 16:44:25.0842 6176 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/06/23 16:44:25.0966 6176 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/06/23 16:44:26.0013 6176 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/23 16:44:26.0064 6176 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/23 16:44:26.0111 6176 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/06/23 16:44:26.0220 6176 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/06/23 16:44:26.0289 6176 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/06/23 16:44:26.0350 6176 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/06/23 16:44:26.0576 6176 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/06/23 16:44:26.0680 6176 snapman (c6dafc9af23d54ca0e222b215d5e8378) C:\Windows\system32\DRIVERS\snapman.sys
2011/06/23 16:44:26.0813 6176 SNP2UVC (50660e6b082a7bf86751a003c3bb5210) C:\Windows\system32\DRIVERS\snp2uvc.sys
2011/06/23 16:44:26.0915 6176 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/06/23 16:44:27.0026 6176 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/23 16:44:27.0026 6176 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/23 16:44:27.0040 6176 sptd - detected LockedFile.Multi.Generic (1)
2011/06/23 16:44:27.0105 6176 srv (0debafcc0e3591fca34f077cab62f7f7) C:\Windows\system32\DRIVERS\srv.sys
2011/06/23 16:44:27.0163 6176 srv2 (6b6f3658e0a58c6c50c5f7fbdf3df633) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/23 16:44:27.0212 6176 srvnet (0c5ab1892ae0fa504218db094bf6d041) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/23 16:44:27.0348 6176 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/23 16:44:27.0414 6176 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/06/23 16:44:27.0468 6176 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/06/23 16:44:27.0514 6176 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/06/23 16:44:27.0615 6176 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
2011/06/23 16:44:27.0735 6176 Tcpip (da467e7619ae5f4588e6262c13c8940a) C:\Windows\system32\drivers\tcpip.sys
2011/06/23 16:44:27.0856 6176 Tcpip6 (da467e7619ae5f4588e6262c13c8940a) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/23 16:44:27.0925 6176 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/23 16:44:27.0986 6176 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/06/23 16:44:28.0074 6176 tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) C:\Windows\system32\DRIVERS\tdrpm258.sys
2011/06/23 16:44:28.0158 6176 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/06/23 16:44:28.0219 6176 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/23 16:44:28.0293 6176 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/23 16:44:28.0428 6176 timounter (3e06987fedbcdfbff8e85ef8108565f9) C:\Windows\system32\DRIVERS\timntr.sys
2011/06/23 16:44:28.0506 6176 TPkd (a00dbb3ccf4e0821dd531db8746a1374) C:\Windows\system32\drivers\TPkd.sys
2011/06/23 16:44:28.0623 6176 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/23 16:44:28.0682 6176 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/23 16:44:28.0737 6176 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/23 16:44:28.0788 6176 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/06/23 16:44:28.0851 6176 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/23 16:44:28.0952 6176 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/23 16:44:29.0004 6176 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/06/23 16:44:29.0062 6176 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/06/23 16:44:29.0116 6176 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/06/23 16:44:29.0174 6176 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/23 16:44:29.0309 6176 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/23 16:44:29.0359 6176 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/06/23 16:44:29.0471 6176 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/23 16:44:29.0530 6176 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/23 16:44:29.0683 6176 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/06/23 16:44:29.0749 6176 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/23 16:44:29.0850 6176 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/06/23 16:44:29.0911 6176 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/23 16:44:29.0959 6176 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/23 16:44:30.0025 6176 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/06/23 16:44:30.0127 6176 VComm (0955553090e0a88614e5b8a02af9324c) C:\Windows\system32\DRIVERS\VComm.sys
2011/06/23 16:44:30.0183 6176 VcommMgr (ea0d7c68dc77b478f1c08022b8afe8ca) C:\Windows\system32\Drivers\VcommMgr.sys
2011/06/23 16:44:30.0247 6176 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/23 16:44:30.0305 6176 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/06/23 16:44:30.0363 6176 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/06/23 16:44:30.0415 6176 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/06/23 16:44:30.0464 6176 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/06/23 16:44:30.0518 6176 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/06/23 16:44:30.0592 6176 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/06/23 16:44:30.0663 6176 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/06/23 16:44:30.0739 6176 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/06/23 16:44:30.0879 6176 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/06/23 16:44:30.0931 6176 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/23 16:44:30.0965 6176 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/23 16:44:31.0066 6176 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/06/23 16:44:31.0196 6176 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/23 16:44:31.0465 6176 winachsf (0acd399f5db3df1b58903cf4949ab5a8) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/06/23 16:44:31.0773 6176 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Users\Luna\Desktop\RealTemp_367\WinRing0.sys
2011/06/23 16:44:32.0048 6176 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/23 16:44:32.0220 6176 WpdUsb (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/23 16:44:32.0301 6176 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/23 16:44:32.0373 6176 WsAudioDevice_383 (85ece26f326c2d07ba77a60343468272) C:\Windows\system32\drivers\WsAudioDevice_383.sys
2011/06/23 16:44:32.0518 6176 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/23 16:44:32.0609 6176 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/06/23 16:44:32.0811 6176 MBR (0x1B8) (5c4e693a43b2bacb7532e0e98fd8ce27) \Device\Harddisk0\DR0
2011/06/23 16:44:33.0063 6176 ================================================================================
2011/06/23 16:44:33.0063 6176 Scan finished
2011/06/23 16:44:33.0063 6176 ================================================================================
2011/06/23 16:44:33.0086 2476 Detected object count: 1
2011/06/23 16:44:33.0086 2476 Actual detected object count: 1
2011/06/23 16:44:43.0866 2476 LockedFile.Multi.Generic(sptd) - User select action: Skip

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB


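A small triage pass over a TDSSKiller log like the one above, added here as an example (it is not a tool from this thread or from the scanner's vendor): it parses the per-driver lines, attaches the scanner verdict and the user's chosen action, and flags drivers loaded from outside the Windows driver directories so a helper can review those first. The sample lines are excerpted from the posted log; the trusted-directory list and the `Driver`/`triage` names are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: lines excerpted from the TDSSKiller log posted above
# (plain driver lines, the sptd detection, the MBR line, the user's chosen action),
# so the parser sees every line shape that matters.
SAMPLE_LOG = r"""
2011/06/23 16:44:21.0381 6176 NetworkX (5ef7dd401771693245d46f4b0b69fe2b) C:\Windows\system32\ckldrv.sys
2011/06/23 16:44:27.0026 6176 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/06/23 16:44:27.0026 6176 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/06/23 16:44:27.0040 6176 sptd - detected LockedFile.Multi.Generic (1)
2011/06/23 16:44:27.0735 6176 Tcpip (da467e7619ae5f4588e6262c13c8940a) C:\Windows\system32\drivers\tcpip.sys
2011/06/23 16:44:31.0773 6176 WinRing0_1_2_0 (845af1ba23c8d5e64def61bcc441604c) C:\Users\Luna\Desktop\RealTemp_367\WinRing0.sys
2011/06/23 16:44:32.0811 6176 MBR (0x1B8) (5c4e693a43b2bacb7532e0e98fd8ce27) \Device\Harddisk0\DR0
2011/06/23 16:44:33.0086 2476 Detected object count: 1
2011/06/23 16:44:43.0866 2476 LockedFile.Multi.Generic(sptd) - User select action: Skip
"""

# Every line starts with "<date> <time> <pid> "; the rest decides the line shape.
HEADER = r"^\S+ \S+ \d+ "
DRIVER_RE = re.compile(HEADER + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(HEADER + r"(?P<name>\S+) - detected (?P<verdict>\S+)")
SUSPICIOUS_RE = re.compile(
    HEADER + r"Suspicious file \((?P<access>\w+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})"
)
ACTION_RE = re.compile(HEADER + r"(?P<verdict>\S+)\((?P<name>\w+)\) - User select action: (?P<action>\w+)")

# Assumed "normal" locations for a kernel driver image; anything else gets a second look.
TRUSTED_DIRS = ("c:\\windows\\system32\\drivers\\", "c:\\windows\\system32\\")


@dataclass
class Driver:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None   # e.g. LockedFile.Multi.Generic
    access: Optional[str] = None    # e.g. NoAccess: the scanner could not read the image
    action: Optional[str] = None    # what the user chose at the prompt (Skip, Cure, ...)
    reasons: List[str] = field(default_factory=list)


def parse_tdsskiller(log: str) -> Dict[str, Driver]:
    """Fold the scan lines into one record per driver service name."""
    drivers: Dict[str, Driver] = {}
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := DRIVER_RE.match(line)):
            drivers[m["name"]] = Driver(m["name"], m["md5"], m["path"])
        elif (m := DETECT_RE.match(line)) and m["name"] in drivers:
            drivers[m["name"]].verdict = m["verdict"]
        elif (m := SUSPICIOUS_RE.match(line)):
            # The "Suspicious file" line carries no service name; join on the md5.
            for d in drivers.values():
                if d.md5 == m["md5"]:
                    d.access = m["access"]
        elif (m := ACTION_RE.match(line)) and m["name"] in drivers:
            drivers[m["name"]].action = m["action"]
    return drivers


def triage(log: str) -> List[Driver]:
    """Return the drivers a helper should review first, each with its reasons."""
    findings: List[Driver] = []
    for d in parse_tdsskiller(log).values():
        if d.verdict:
            note = f"scanner verdict {d.verdict}"
            if d.access:
                note += f" (image {d.access})"
            if d.action:
                note += f", user action {d.action}"
            d.reasons.append(note)
        low = d.path.lower()
        if not low.startswith(TRUSTED_DIRS):
            d.reasons.append("image outside the Windows driver directories")
        if low.startswith("c:\\users\\"):
            d.reasons.append("image under a user profile")
        if d.reasons:
            findings.append(d)
    return findings


if __name__ == "__main__":
    # A flag is a prompt to look, not a verdict: sptd.sys is the SPTD layer that
    # disc-emulation tools such as DAEMON Tools install, and it is locked against
    # reading by design, which is exactly what LockedFile.Multi.Generic reports.
    for d in triage(SAMPLE_LOG):
        print(f"{d.name:16} {d.path}")
        for r in d.reasons:
            print(f"    - {r}")
```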
#14 SweetTech
    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 23 June 2011 - 10:53 AM

Hi!

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.bleepingcomputer.com/forums/topic403792.html/page__view__findpost__p__2304124
Collect::
c:\users\Luna\AppData\Roaming\camtasia.exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1JbYvfpvrEUVqsCZ]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom-most log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable your on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 Shadowdance
  • Topic Starter

  • Members
  • 314 posts
  • Gender:Male

Posted 24 June 2011 - 09:59 AM

COMBOFIX

ComboFix 11-06-22.02 - Luna 24/06/2011 16:55:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1253.30.1032.18.2037.937 [GMT 3:00]
Running from: c:\users\Luna\Desktop\ComboFix.exe
Command switches used :: c:\users\Luna\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: PC Tools Firewall Plus *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
file zipped: c:\users\Luna\AppData\Roaming\camtasia.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 14:13 . 2011-06-24 14:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-06-21 13:08 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-17 02:16 . 2011-06-17 02:16 -------- d-----w- c:\users\Luna\AppData\Roaming\Friday's games
2011-06-17 02:15 . 2011-06-17 02:15 -------- d-----w- c:\program files\Games
2011-06-14 21:13 . 2011-06-14 21:58 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-14 21:12 . 2011-06-14 21:26 -------- d-----w- c:\programdata\Hitman Pro
2011-06-14 21:12 . 2011-06-14 21:12 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-14 19:26 . 2011-06-14 19:27 -------- d-----w- c:\users\Luna\AppData\Roaming\Spyware Terminator
2011-06-14 19:26 . 2011-06-14 19:31 -------- d-----w- c:\programdata\Spyware Terminator
2011-06-14 19:26 . 2011-06-14 19:31 -------- d-----w- c:\program files\Spyware Terminator
2011-06-14 19:08 . 2011-06-14 19:08 -------- d-----w- c:\program files\NirSoft
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\users\Luna\AppData\Roaming\SUPERAntiSpyware.com
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-06-14 19:04 . 2011-06-14 19:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-14 18:15 . 2011-06-14 18:15 -------- d-----w- C:\Malwarebytes
2011-06-14 16:55 . 2011-06-14 16:55 -------- d-----w- c:\users\Luna\AppData\Local\Secunia PSI
2011-06-14 16:54 . 2011-06-14 16:54 -------- d-----w- c:\program files\Secunia
2011-06-14 16:16 . 2011-06-14 16:16 -------- d-----w- c:\program files\STOPzilla!
2011-06-14 16:16 . 2011-06-14 16:16 -------- d-----w- c:\program files\Common Files\iS3
2011-06-14 16:16 . 2011-06-14 19:06 -------- d-----w- c:\programdata\STOPzilla!
2011-06-14 02:09 . 2011-06-14 02:09 -------- d-----w- c:\program files\Singular Inversions
2011-06-11 21:18 . 2011-06-11 21:41 -------- d-----w- c:\users\Luna\AppData\Roaming\Guitar Pro 6
2011-06-11 21:18 . 2011-06-11 21:18 -------- d-----w- c:\programdata\Guitar Pro 6
2011-06-11 21:13 . 2011-06-11 21:37 -------- d-----w- c:\program files\Guitar Pro 6
2011-06-07 22:04 . 2011-06-08 00:24 -------- d-----w- c:\program files\AFT software
2011-06-07 22:03 . 2011-06-07 22:03 796672 ----a-w- c:\windows\GPInstall.exe
2011-06-05 17:31 . 2011-06-05 17:31 -------- d-----w- c:\programdata\Redfield
2011-06-05 17:28 . 2011-06-05 17:28 -------- d-----w- c:\windows\Splash Screens
2011-06-02 15:55 . 2011-06-02 15:55 388096 ----a-r- c:\users\Luna\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-29 17:47 . 2011-05-29 17:47 -------- d-----w- c:\program files\ConvertHelper
2011-05-29 17:42 . 2011-05-29 17:42 -------- d-----w- c:\users\Luna\dwhelper
2011-05-27 13:36 . 2011-05-27 13:36 18435072 ----a-w- c:\windows\system32\imageres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 13:55 . 2010-11-10 17:20 1306624 ---ha-w- c:\users\Luna\AppData\Roaming\camtasia.exe
2011-06-23 00:30 . 2011-05-17 03:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 06:11 . 2010-11-24 00:31 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 06:11 . 2010-11-24 00:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-10 12:10 . 2010-06-29 11:57 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-02-03 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2010-02-03 17:25 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2010-02-03 17:25 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-02-03 17:25 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-02-03 17:25 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-02-03 17:25 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-14 16:40 . 2011-05-04 13:20 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2005-07-14 18:31 27648 --sha-w- c:\windows\System32\AVSredirect.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]
2010-11-23 23:26 1532416 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2010-11-23 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2010-11-23 1532416]
.
[HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]
[HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"PicPick Start"="c:\program files\PicPick\picpick.exe" [2010-11-20 4816896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-21 217088]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2010-02-03 3168216]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-07-16 434864]
"lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-07-16 25264]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-07-16 311984]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-11-11 1468256]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2009-02-27 278016]
"HDInspector.exe"="c:\program files\Hard Drive Inspector\HDInspector.exe" [2010-04-16 3149504]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-09-16 104408]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
.
c:\users\Luna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luna\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 12:13 49152 ----a-w- c:\program files\Common Files\Stardock\MCPStub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2011-03-25 16:39 197912 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{a22e60ca-c861-11de-91c1-806e6f6e6963}\bootwiz\asrm.bin\0sasnative32
.
[HKLM\~\startupfolder\C:^Users^Luna^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\1Java™ Platform SE 7 U22
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svchost
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 13:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-11 23:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 08:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChronosXP]
2009-04-12 07:40 599040 ----a-w- c:\program files\ChronosXP\ChronosXP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CKeys]
2011-04-11 12:49 4174664 ----a-w- c:\program files\ComfortKeys\CKeys.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2008-12-09 11:08 495616 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 05:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2009-12-19 05:04 1824040 ----a-w- c:\program files\ManyCam 2.4\ManyCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 02:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 13:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-06-13 16:11 210216 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1418405828-3719453749-3786308609-1000]
"EnableNotificationsRef"=dword:00000002
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1418405828-3719453749-3786308609-1002]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\lxdiserv.exe [2007-06-11 99248]
R2 SPMLM;SPM License Service for mental ray Standalone 3.7.51 for Max 2010;c:\windows\system32\spm\spmd.exe [2009-05-28 491520]
R3 ADASPROT;SYSTWEAKASO;c:\program files\Advanced System Optimizer 3\adasprot32.sys [x]
R3 CFcatchme;CFcatchme;c:\users\Luna\AppData\Local\Temp\CFcatchme.sys [x]
R3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [x]
R3 gupdatem;Υπηρεσία Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 136176]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\99AF.tmp [x]
R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2010-02-03 32680]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [x]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [x]
R3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Luna\Desktop\RealTemp_367\WinRing0.sys [2008-07-26 14416]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2008-11-19 16640]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-03 691696]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-04-16 911680]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-03 233136]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-04-16 2480048]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-05-10 53592]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe [2007-06-11 517040]
S2 maxmr3751;mental ray Standalone 3.7.51 for Max 2010(32 bit);c:\program files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.bat [2011-04-05 1523]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2009-06-15 188736]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-23 88040]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-04-16 160704]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 30088]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 26248]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-02-03 70664]
S3 pctNDIS;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-02-03 58816]
S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-02-03 115216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 01:36]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-16 01:36]
.
2011-06-23 c:\windows\Tasks\User_Feed_Synchronization-{89BA3246-CF32-4268-8639-D2590B4ABBA0}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.vbvsearch.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local
IE: E&ξαγωγή στο Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save F&lash with FlashCapture - c:\program files\FlashCapture\fciext.dll/FCIEXT.htm
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Luna\AppData\Roaming\Mozilla\Firefox\Profiles\8aqfsju6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=logo
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-24 17:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\maxmr3751]
"ImagePath"="c:\program files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.bat"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\99AF.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1418405828-3719453749-3786308609-1002\Software\SecuROM\License information*]
"datasecu"=hex:97,40,54,d1,f7,71,3b,08,ba,5b,4e,ca,b5,11,df,71,8c,30,e6,fe,3a,
91,ab,ac,0c,94,31,ae,c0,de,0e,10,72,97,4d,ae,d7,89,a5,d4,e9,95,84,1f,95,da,\
"rkeysecu"=hex:74,e1,c9,33,83,1c,25,3c,57,13,27,c5,4b,c7,98,07
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4832)
c:\users\Luna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Microangelo On Display\MODIcon.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\program files\Microangelo On Display\MODSys.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe
c:\program files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\ASTSRV.EXE
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\conime.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Autodesk\mrstand3.7.51-max2010\bin\rayserver.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\PC Tools Firewall Plus\FWService.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Common Files\AltrixSoft\HDDInfoService\HDDSvc.exe
c:\windows\PEV.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Completion time: 2011-06-24 17:28:19 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 14:28
ComboFix2.txt 2011-06-23 02:09
.
Pre-Run: 25 Κατάλογοι 14.142.525.440 διαθέσιμα byte
Post-Run: 28 Κατάλογοι 13.892.235.264 διαθέσιμα byte
.
Current=6 Default=6 Failed=4 LastKnownGood=2 Sets=1,2,4,6
- - End Of File - - 258DF6A1E7AE944CCC4C7FC1A3374408
Upload was successful

WIN 7 ULTIMATE EN, AMD Dual-Core A4-6320, 3.8GHz (Turbo 4GHz), MB: ASUSTeK COMPUTER INC. A55BM-E Rev X.0x, DDR3 SIN 1333 4GB, AMD Radeon HD 8370D, Realtek High Definition Audio,

Seagate ST500DM002-1BD142 500GB




